• Home
  • Black Duck vs. Veracode

Black Duck vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo
Black Duck
Read 19 Black Duck reviews
14,718 views|10,174 comparisons
82% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
6,588 views|4,444 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Black Duck vs. Veracode
March 2024
Executive Summary

We performed a comparison between Black Duck and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Black Duck vs. Veracode Report (Updated: March 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Zhengang Ren
Researched Veracode but chose Black Duck: Very good at scanning open source software and ensuring compliance
Sai Srinivas B
Makes our code secure and integrates well with GitHub
There are multiple ways to use Veracode. We can use Veracode directly in our ID environment, and we can use it in the UI environment in our... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature for me in Black Duck is its ability to scan binary files effectively.""We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time.""It is able to drill down to the source level.""The solution is stable.""The most valuable feature is the vulnerability scanning, and that it's easy to use.""The solution is very good at scanning and evaluating open source software.""The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.""The product enables other applications to be secure."

More Black Duck Pros →

"Our development team use this solution for static code analysis and pen testing.""Static Scanning is the most valuable feature of Veracode.""I like the sandbox, the ability to upload compiled code, and how easy it is.""Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components.""To me, the principal feature is the CLI (command-line interface) because I put together a lot of implementations using it. Another important aspect is the low false-positive rate because the solution is very configurable. It is as low as 1 percent and that is a huge difference compared to competitors.""We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it.""We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing.""What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."

More Veracode Pros →

Cons
"We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck.""The tool's documentation and support are areas of concern where improvements are required.""It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance.""The solution must provide more open APIs.""The documentation is quite scattered.""It needs to be more user-friendly for developers and in general, to ensure compliance.""The tool needs to improve its pricing. Its configuration is complex and can be improved.""We're not too sure about the extension of the firewall. It never shows up in the Hub."

More Black Duck Cons →

"I would like Veracode to add more language support.""Some important languages are not supported.""The scanning takes a lot of time to complete.""There should be more APIs, especially in SCA, to get some results or automate some things.""The interface is too complex.""The current version of the application does not support testing for API.""They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages.""Their scanning engine is sometimes a little bit slow. They can improve the scan time."

More Veracode Cons →

Pricing and Cost Advice
  • "Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
  • "The price is quite high because the behavior of the software during the scan is similar to competing products."
  • "The price is low. It's not an expensive solution."
  • "Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
  • "It is expensive."
  • "I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
  • "The pricing is a little high."
  • "The price charged by Black Duck is exorbitant."

    • More Black Duck Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about Black Duck?
    Top Answer:The product enables other applications to be secure.
    Read all 15 answers   →
    What is your experience regarding pricing and costs for Black Duck?
    Top Answer:The pricing is a little high. I rate the pricing a seven out of ten. The average price of the product is close to $100.
    Read all 12 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    1st
    out of 40 in Software Composition Analysis (SCA)
    Views
    14,718
    Comparisons
    10,174
    Reviews
    8
    Average Words per Review
    455
    Rating
    7.6
    3rd
    out of 40 in Software Composition Analysis (SCA)
    Views
    6,588
    Comparisons
    4,444
    Reviews
    101
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    Snyk logo
    Snyk vs. Black Duck
    Compared 23% of the time.
    JFrog Xray logo
    JFrog Xray vs. Black Duck
    Compared 12% of the time.
    Mend.io logo
    Mend.io vs. Black Duck
    Compared 10% of the time.
    More Black Duck Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 26% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 7% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    Mend.io logo
    Mend.io vs. Veracode
    Compared 3% of the time.
    More Veracode Competitors   →
    Also Known As
    Blackduck Hub, Black Duck Protex, Black Duck Security Checker
    Crashtest Security , Veracode Detect
    Learn More
    Synopsys
    Veracode
    Overview

    Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Manufacturing Company67%
    Computer Software Company17%
    Financial Services Firm17%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Manufacturing Company15%
    Computer Software Company15%
    Healthcare Company4%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business32%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise10%
    Large Enterprise75%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    Black Duck vs. Veracode
    March 2024
    Free Report: Black Duck vs. Veracode
    Find out what your peers are saying about Black Duck vs. Veracode and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    Black Duck is ranked 1st in Software Composition Analysis (SCA) with 19 reviews while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 194 reviews. Black Duck is rated 7.8, while Veracode is rated 8.2. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Black Duck is most compared with Snyk, Fortify Static Code Analyzer, JFrog Xray, Mend.io and Polaris Software Integrity Platform, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Mend.io. See our Black Duck vs. Veracode report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.